CVE-2021-21308 MEDIUM

CVE-2021-21308: Improper session management for soft logout

Vendor Prestashop
Product PrestaShop
Weakness CWE-287 · Improper authentication
Published February 26, 2021
Last update August 3, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete, and an attacker is able to issue a foreign request and execute customer commands. The problem is fixed in 1.7.7.2.

Key dates

02 Disclosure timeline

February 26, 2021 CVE published
August 3, 2024 Record updated